Commit 8afc52a5 authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] fix for potential integer overflow in zoran driver

From: "Ronald S. Bultje" <R.S.Bultje@students.uu.nl>

Attached patch fixes a potential integer overflow in zoran_procs.c (part of
the zr36067 driver).  Bug was detected by Ken Ashcraft with the Stanford
checker.
parent de2350c5
...@@ -204,6 +204,10 @@ zoran_write_proc (struct file *file, ...@@ -204,6 +204,10 @@ zoran_write_proc (struct file *file,
char *line, *ldelim, *varname, *svar, *tdelim; char *line, *ldelim, *varname, *svar, *tdelim;
struct zoran *zr; struct zoran *zr;
/* Random maximum */
if (count > 256)
return -EINVAL;
zr = (struct zoran *) data; zr = (struct zoran *) data;
string = sp = vmalloc(count + 1); string = sp = vmalloc(count + 1);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment